The username and password supplied when creating the RDS cluster have the role of rds_superuser, which grants permissions to the user for doing advanced database management activities. It is recommended that a service user can be created whose credentials can be distributed to clients accessing the database (for example, a lambda function).
This makes credential-rotation easy and prevents the proliferation of master credentials.